Snort mailing list archives
RE: ICMP Source Quench
From: twig les <twigles () yahoo com>
Date: Mon, 7 Jul 2003 12:18:53 -0700 (PDT)
Yahoo still has a search engine? ;-) --- Bryan Waters <bryanw () abwaters com> wrote:
Of course...but I did my search on yahoo and the results were so noisy that I couldn't find anything specific on the topic. Also...I would have thought that Snort would have had at least a blurb in the online rule docs...since they didn't and the yahoo results were so bad, i didn't push it figuring it was something rather esoteric. -bryanw -----Original Message----- From: Chris Green [mailto:cmg () sourcefire com] Sent: Monday, July 07, 2003 9:08 AM To: Bryan Waters Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ICMP Source Quench "Bryan Waters" <bryanw () abwaters com> writes:What is an "ICMP Source Quench"? I have snort running and its working fine...i'm just lookingfor a place todetermine what some of the more poorly documented rulesare...so i can getan idea of what exactly is happening and how much of athreat it is... Please tell me you atleast did (Lie if you have to :-)): http://www.google.com/search?hl=en&query=ICMP+Source+Quench. http://www.firewall.cx/icmp-source-quench.php The additional $0.02 from experience: Often times if you see ICMP source quenches your network is either flooding a particular network OR you netblock is being spoofed and some poor old sod is being flooded and can only yell at you about it. Try reverse dns on the Source IP and if it's an IRC server, it's probably the latter. -- Chris Green <cmg () sourcefire com> Fame may be fleeting but obscurity is forever. ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== ----------------------------------------------------------- Emo is what happens when the glee club goes punk. ----------------------------------------------------------- __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) Kristian Ro (Jul 06)
- Re: (no subject) Simon Gray (Jul 07)
- Re: (no subject) Jason K. Boykin (Jul 07)
- ICMP Source Quench Bryan Waters (Jul 07)
- Re: ICMP Source Quench Chris Green (Jul 07)
- RE: ICMP Source Quench Bryan Waters (Jul 07)
- RE: ICMP Source Quench twig les (Jul 07)
- ICMP Source Quench Bryan Waters (Jul 07)
- <Possible follow-ups>
- (no subject) Ravi (Jul 11)
- (no subject) JP Vossen (Jul 24)
- (no subject) Marc Quibell (Aug 04)
- Re: (no subject) Chris Green (Aug 06)
- RE: (no subject) Miller, Eoin (Aug 04)
- (no subject) RAJNEEL DHOTRE (Aug 05)
- Re: (no subject) Erek Adams (Aug 05)
- Re: (no subject) Matt Kettler (Aug 05)
- Re: (no subject) Patrick S. Harper - CISSP (Aug 05)
- Re: (no subject) Erek Adams (Aug 05)